Smart grid introduced the term FAN. FAN is part of AMI, the infrastructure connecting the end consumer to the utility. A smart meter aggregates home power consumption data and passes them on to a FAN, which then transmits that data to a WAN, which delivers them to the utility.

For the average consumer, the smart meter is the gateway to the utility and the interface with the home area network (HAN). Although there are other gateways, such as broadband cable, DSL, and fiber modems and connectors, the smart meter is gaining a foothold as a gateway. Since the utility installs it, the smart meter is already compatible with the utility’s communications protocols. For that reason, it is becoming the de facto gateway.

The meter technology is unique, and I am not sure whether typical ICT vendors can enter the field easily. Some vendors, like GE, stand out among the who’s who in providing meters. In my PG&E territory, we had an analog (dumb) meter from GE before, and our new smart meter is also from GE. A big difference between dumb and smart meters, aside from analog vs. digital, is the communications capability of the smart meter. The smart meter has at least three functions: it aggregates/stores the power usage information (hourly or more frequently), transmits the aggregated data to the utility via the FAN, and receives the signal from the utility to control devices and appliances on the HAN.

A dumb meter stores the power usage information by advancing hands in the analog indicators, and it needs no specific internal memory. On the other hand, a smart meter requires some kind of internal memory to record the usage according to the frequency of measurement. In addition, a smart meter needs a mechanism to transmit and receive data and signals. A transmission chip or firmware is embedded into the meter logic for that. ZigBee (mesh wireless technology) is becoming the de facto standard for smart meters. (ZigBee is not a company but a consortium that dictates the ZigBee specification. A company that wants to implement ZigBee pays a license fee and implements its own version according to the specification. NIST is very cautious about declaring a technology a standard. For example, NIST has designated IP as a communications protocol but no others yet. ZigBee, Wi-Fi, and WiMax are under consideration to become part of the standard. ZigBee has started working on supporting IP but doesn’t do so completely yet.

	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
		White Paper: Effective Backup and Restore
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Data collected from each household are aggregated to a network access point (NAP) in the neighborhood. I have been looking for this point but have not found it yet. Since ZigBee does not support IP 100%, the communication between each smart meter and the NAP is via ZigBee.

Some information about PG&E’s smart meter can be found here.

Each NAP is now connected via wireless WAN. PG&E uses ZigBee for FAN, but other technologies could be wired  or wireless (WiMax) and BPL.

Related posts:

1. Smart Grid, Part 1: The Intersection of the Power and ICT Fields
2. ZigBee Does Smart Grid Communication
3. How Broadband Helps Smart Grid according to FCC

Continue reading at New York Times ->

Related posts:

1. A Portable Security Risk
2. Attack on Google In January Supposedly Targeted Critical Password System
3. New Software Design Technique Allows Programs to Run Faster

The power system consists of generation, transmission, and distribution. Let’s start with distribution, which also has three parts: the distribution network, field area network/automated meter infrastructure (FAN/AMI), and the home. Today I’ll talk about the home aspect.

	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
		The Different Types of UPS systems
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

A smart meter installed at home provides power usage information as an aggregate. By observing my hourly power usage information, I can understand my usage. (By the way, I do not think we have any dynamic pricing yet, as the usage and the charge for it are proportional.) This is great progress, but I would like to see a more detailed breakdown. For example, there is a spike in the middle of the night when I shut down all but essential appliances like the refrigerator. I would like to know if this spike comes from the refrigerator’s defrosting cycle or something akin to it.

To support more-detailed information, each appliance and other electronic device must be able to report its power use to the smart meter or some other collection point in the house. To do this, we need a module to meter power usage as well as some kind of communication function. A new set of appliances and electronic gear may come with the metering chip or firmware installed, but we need a dongle for the existing ones. The dongle business would be only until our current appliances are all replaced by new ones that have the chip or firmware. As for communication, we need a mechanism to transmit the power usage information to the smart meter and/or some collection point. The communication should be two-way because, when demand and response (D/R) is implemented, each appliance and other electronic gear must receive a D/R signal and respond to it. Whirlpool, for example, has announced that it would include such a function in all its new appliances. The candidates for the communications technology include HomePlug, ZigBee, Wi-Fi, Z-Wave, and 6lowpan. None of them is designated as a standard by NIST, though.

Right now, the only way I can get my power usage information is to access PG&E’s website. The information is delayed more than 24 hours. Even though this is progress over the one-month-late information on the bill, I want to receive more minute and real-time information. Unless the data sent over to PG&E are available to me, I cannot do anything with them. However, if its own collection module is embedded in each appliance and electronic device, any power usage information, whether aggregate or individual, can be readily available. The metering frequency can be adjusted at our discretion. Once such data become available, they can be displayed on any of several dashboardlike software applications now available. Google and Microsoft provide free software, while companies like Opower sell their own versions. Opower works with utilities to provide its product. PG&E has not worked with either Google or Microsoft, stating that it wants to wait for the standard.

The home market may be large, but the technical barrier to entering it does not seem to be too daunting. The chip or firmware for metering power usage is a commodity. The communications protocols are well known and do not appear to be hard to implement. Once the power usage data are available, collection, aggregation, analysis, and display are very straightforward, and I do not see much differentiation in the technology itself. So probably the key to this market is how well each vendor and service provider can work with utilities. After all most consumers are not engineers and would like to have an easy solution. On top of that, power consumers deal with their utility, and adopting the solutions provided by their utility may feel easier.

By the way, as one of the speakers at SVLG’s energy summit, I find my interest in checking the hourly use of power waning. After all, I cannot see the breakdown or real-time usage. I will talk about the FAN/AMI area later.

Related posts:

1. Smart Grid, Part 2: The Intersection of the Power and ICT Fields
2. How Broadband Helps Smart Grid according to FCC
3. Smart Grid Seminar in Tokyo

What’s that you say, Mr. President, the nation turns its eyes to you

Nothing threatens our economy more than the destruction of the fundamental structure of the Internet as a free open Net Neutral (NN) enterprise; nothing threatens the open competitive markets more than the obstruction of free trade and communications.  Evidence of this is the security and communications industry itself.  It is a vital piece of the economy and it’s done a bloody good job so far.  If only we ever got that fiber connection the telcom industry blew, while other nations had no problem.

Few in Washington, or around the country, seem interested in stopping the juggernaut from transforming the technology landscape.  The argument now pivots on reversing the change under Bush’s FCC  to treat telcoms like networks able to carve little fiefdoms of their own.  This is one of those square pegs in round hole exhibits as the legislation around the Internet today may not be salvageable under a global communications enterprise.  Yet we may be stuck with trying to get the petrol back down the well, after the top blows off it.

On the side with vocal support for NN.  “Consumer groups and Net neutrality advocates have been calling for the FCC to reclassify broadband as a telecommunications service, which would make all the old regulation for the regular phone network apply to broadband.”

“Two FCC Commissioners and one US Senator slammed the Google-Verizon joint policy agreement and strongly endorsed the principle of net neutrality last night at a hearing before hundreds of citizens in Minneapolis, giving the Chairman of the federal agency Julius Genachowski all of the support he would need to regulate broadband Internet, if he so chose.  Democratic Commissioners Michael Copps and Mignon Clyburn both endorsed the reclassification of broadband as a communications service, under Title II of the Telecommunications Act. Copps said simply, “It’s calling an apple an apple.”

If Genachowski does what he said he would do, there will be the votes to pass the policy change. Genachowski and the FCC are weighing the polls, apparently, as that seems to be the only thing we see on important decisions.  The Titan’s deal “would eliminate any openness provisions over wireless, which is where all Internet applications are going,” said Copps.

Here is what Clyburn wrote:

“The Federal Communications Commission has been considering how to ensure that we all continue to have access to lawful information, services, and applications available on the Internet, without service providers blocking or degrading such access, or favoring some content (such as their own) over others. This is not about regulating the Internet. It’s about ensuring that consumers, rather than gatekeeper corporations, maintain control over their online experience.

“The conversation about protecting consumers and their access to an open Internet is important — and should not occur just in Washington, D.C. For that reason, when Free Press, the Center for Media Justice and Main Street Project approached us about participating in a town hall meeting in Minneapolis to discuss the importance of an open Internet with the public, we both signed up immediately. We hope you will do so, too.”

And here is what Dave Dayen at Firedoglake emphatically adds, firmly putting the ball in FCC’s reach:

– “this public display of support for net neutrality makes perfectly clear that two votes exist on the FCC for strong regulatory authority over broadband in all its forms. Only three votes would be needed for passage, so really, it’s all up to Chairman Genachowski.”

We are really living in a binary world with only a bunch of bit players, so to speak

From the NYTimes article,

“The silence of big media companies like Comcast and the News Corporation on the issue has been noticeable. Media companies’ traditional business models have been about controlled pathways to the customer, and they may see benefits in restoring some of that control.

Diller calls the Google-Verizon proposal a “sham” and says it “doesn’t preserve ‘net neutrality,’ full stop, or anything like it.” The asked him “if other media executives were staying quiet because they stand to gain from a less open Internet, he said simply, “Yes.”

So on the side of NN it sounds clear cut but not everyone agrees in the details, where the devil lives.  An argument offered by Robert E. Litan and Hal J. Singer  on Friday August 13, 2010 explains it this way:

“At its core, net neutrality seeks to ensure that ISPs (like Verizon) do not advantage one content provider (like Google) over another (like Yahoo!). But instead of looking to the widely accepted and proven non-discrimination provisions in other areas of communications (such as cable programming), the FCC has crafted a brand new concept of non-discrimination. Non-discrimination under the FCC’s net neutrality proposal means that ISPs cannot offer enhanced services beyond the plain-vanilla access service to content providers at any price.”

Their view is that packets needing special treatment would require additional handlers, since ISP’s would be prevented from providing that service.  Here is what they admit would happen, though they look at the ramifications as a positive:

“The recent Google-Verizon framework represents a large step in the right direction. In particular, it would:
“bolster the FCC’s authority to enforce its open-Internet principles based on Congressional authority; establish the concept of a case-by-case approach, forbid the FCC from promulgating detailed rules on the kind of conduct that is permitted, and immunize wireless ISPs from any net neutrality requirements.”

I don’t like the sound of at least two of their points listed as giveaways to these poor telcom giants, but wait, it gets much better.  Here is the line I love best in a quote from  telecom analyst Craig Moffett of Bernstein Research, “the imposition of net neutrality rules, Verizon FiOS "would be stopped in its tracks," and AT&T’s U-Verse "deployments would slow." Outcomes like these clearly would not serve the interests of the business community.”

Others have weighed in and here are a few of the prominent opinions …

Josh Silver, chief executive of the nonprofit group Free Press, said the exemptions amounted to “the cable-ization of the Internet,” NYTimes
“Silver’s group is promoting a petition to the F.C.C. titled “Don’t Let Google Be Evil.” Silicon Valley investors have expressed trepidation that the new rules, if adopted, could put a damper on innovation, particularly for mobile start-ups.”  Both sides on this claim their position is best for innovation, the question might be, which direction should these “innovations” moving?  If they are innovating ways to tax bits over any of the Internet channels, no thanks.

“Broadband that’s not the Internet? I don’t know what they’re talking about,” said David A. Patterson, a professor of computer science at Cal Berkeley.

Matt Cohler, a general partner at Benchmark Capital, a venture firm who knows a few things about start-ups:
“It is as important to have the right protections in place for the newer platform as it is for the older platform.”

Here you really need to ask yourself, how it is so many other countries have passed us by?  The ISP’s and telecoms and cable primates have had carte blanche the last hundred years, yet we are #45 in providing services to our people?  These guys get the license to print money, and they get to write the rules for the future.

	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
		White Paper: Scale-out NAS Unifies the Technical Enterprise
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Clearly, this is a monumental task that requires open dialog between all sides:  “The chairman clearly stated that the agency is not looking to regulate broadband pricing or require broadband infrastructure owners to share their network elements with competitors. This has been a big fear among broadband providers. Under the 1996 Telecommunications Act, telephony networks are required to share their infrastructure and the government has set prices on how much operators can charge for access to that infrastructure.”

The market place is the best decision maker on where the toll booths are placed.  For the wireless Internet the global market place must decide.  But first we need the site map, the topography and the big picture.  We need the public and business represented and education and government to function and communicate.  We also have to discuss how the digital trade will work across borders.  This is not the time to stifle trade or expand xenophobia or isolationism.  This is the time to compete.

Related posts:

1. Google-Verizon Pact: It Gets Worse By Craig Aaron
2. FCC Lightfoot Two Steps To Public Pressure On Transparency Failure
3. Net Neutrality, Obama, Genachowski, Congress and Jobs Down The Drain

What was considered a dozen years ago as a fait accompli, a security business standard, is now a full blown cold war with Red Queens on treadmills trying to keep consumer confidence cranking.

If there is a strategic plan for getting our arms around a secure Internet, it’s a bloody damn secret; Washington is probably the biggest danger we face.

While the bandits are surly, and often out in the open, the Internet safeguards are muddled and marginalized.

Articles appear routinely labeling our friends, and trading partners, from China or Russia as responsible for everything from SPAM or espionage or hacking.

It’s a different universe apparently.

Hail to the chief.

If you happen to run a transactional content business over the Internet, you are no doubt wondering what in the hell to do to keep the wolves at bay;  If you are paying to maintain ecommerce inventory, you must be shuddering.  Even Jeff Bezos and Ebay have no idea what horse to bet on in this race.

The rundown on the consolidation chess match for a few of the Internet security giants began earlier this spring with Symantec’s acquisition of the ubiquitous VeriSign brand.  Then the news this week from the NY Times, and it goes something  like this “Intel’s fortunes are tied to PCs and the computer servers that go into data centers. As such, Intel, with revenue of $35.1 billion in 2009, goes through boom-and-bust cycles as demand waxes and wanes. McAfee, with revenue of $1.93 billion last year, sells a great deal of software on a subscription basis, which can smooth out financial results from quarter to quarter and year to year.”  That formidable quarterly report just got juiced by a little high margin commodity dollars.

McAfee has 17.7 percent of the market for securing computing devices, trailing the market leader Symantec, which has 36.2 percent, according to the research firm IDC. In the last couple of years, McAfee has gained ground on Symantec by signing a large number of deals with PC makers and Internet service providers to offer its security software to consumers and workers.”

“Intel already builds a number of security hooks into its chips. These tools can help block malicious software from disrupting a computer or give a technician the ability to fix a computer from a remote location. The purchase of McAfee would give Intel access to more security specialists and the ability to hardwire more of these types of tools into its chips.”

Embedding security riders on chips may be an efficient way to secure desktops, maybe even enterprises, but will undoubtedly run into problems hooking mobile devices up with foreign service networks and other devices.  On the surface, the strategy sounds more brittle.  As long as you are NOT after the “world-wide” web, you’re probably just fine.  Traveling in and out of foreign or international networks, sounds challenging.  Security bridges are antithetical to a free Internet.

	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
		White Paper: Scale-out NAS Unifies the Technical Enterprise
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

“Eventually the software features will get embedded in the hardware,” said Ashok Kumar, a technology analyst with Rodman & Renshaw. “So maybe this is an expensive way for Intel to acquire domain expertise.”

Didn’t another giant have a problem with embedding stuff in their system? I think it was an operating system and a browser with a deadbolt on so you could not uninstall it.  But desktops aren’t the battleground these days as the Wall Streeters know the big bucks are in the handhelds and distribution.  I don’t see why Intel just didn’t buy Research In Motion and AT&T?

Deconstructing further, I translate “domain expertise” here to mean ritualized revenue from licenses or ecommerce transactions.  Another toll booth, in other words.  They all want their vigorish.  If the consumer isn’t ready to puke at the sound of the word “subscription” yet, give it a minute.  Maybe they will get some smart marketing guys to sit down with the engineers and figure a way to keep it seamless?  Nah.

Related posts:

1. Torturing the Secret out of a Secure Chip
2. H.P. to Work With Hynix on New Computer Memory Chips
3. When Less is More: Why Small Companies Should Think Outside the (Red/Yellow) Box for Protecting Endpoints

“Computer security researchers are raising alarms about vulnerabilities in some of the Web’s most secure corners: the banking, e-commerce and other sites that use encryption to communicate with their users. Those sites, which are typically identified by a closed lock displayed somewhere in the Web browser, rely on a third-party organization to issue a certificate that guarantees to a user’s Web browser that the sites are authentic. But as the number of such third-party “certificate authorities” has proliferated into hundreds spread across the world, it has become increasingly difficult to trust that those who issue the certificates are not misusing them to eavesdrop on the activities of Internet users, the security experts say.

“It is becoming one of the weaker links that we have to worry about,” said Peter Eckersley, a senior staff technologist at the Electronic Frontier Foundation, an online civil liberties group.

“The power to appoint certificate authorities has been delegated by browser makers like Microsoft, Mozilla, Google and Apple to various companies, including Verizon. Those entities, in turn, have certified others, creating a proliferation of trusted “certificate authorities,” according to Internet security researchers.

“According to the Electronic Frontier Foundation, more than 650 organizations can issue certificates that will be accepted by Microsoft’s Internet Explorer and Mozilla’s Firefox, the two most popular Web browsers. Some of these organizations are in countries like Russia and China, which are suspected of engaging in widespread surveillance of their citizens. “

“Mr. Eckersley said Exhibit No. 1 of the weak links in the chain is Etisalat, a wireless carrier in the United Arab Emirates that he said was involved in the dispute between the BlackBerry maker, Research In Motion, and that country over encryption. The U.A.E. threatened to discontinue some BlackBerry services because of R.I.M.’s refusal to offer a surveillance back door to its customers’ encrypted communications. Mr. Eckersley also said that Etisalat was found to have installed spyware on the handsets of some 100,000 BlackBerry subscribers last year. Research In Motion later issued patches to remove the malicious code.

“Yet Mr. Eckersley said that Etisalat was one of the “certificate authorities” and could misuse its position to eavesdrop on the activities of Internet users. “

Is the problem idiosyncratic, or systemic?  And, like the BP oil spill, is it still leaking information from folks given the license to, apparently, steal.  Well Mr. Eckersley has attempted to address this in this letter from the Electronic Frontier Foundation (EFF):

	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
		IP Phone Comparison Guide
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

EFF to Verizon: Etisalat Certificate Authority Threatens Web Security

Technical Analysis by Peter Eckersley

EFF will soon be launching the SSL Observatory project, an effort to monitor and secure the cryptographic infrastructure of the World Wide Web. There is much work to be done, and we will need the help of many parties to make the HTTPS-encrypted web genuinely trustworthy. To see why, you can read the following letter, which we are sending to Verizon today:

(there is also a story in the New York Times)

Dear Verizon,

We are writing to request that Verizon investigate the security and privacy implications of the SSL CA certificate (serial number 0×40003f1) that Cybertrust (now a division of Verizon) issued to Etisalat on the 19th of December, 2005, and evaluate whether this certificate should be revoked.

As you are aware, Etisalat is a telecommunications company headquartered in the United Arab Emirates. In July 2009, Etisalat issued a mislabeled firmware update to approximately 100,000 of its BlackBerry subscribers that contained malicious surveillance software [1]. Research In Motion subsequently issued patches to remove this malicious code [2].

More recently, the United Arab Emirates Telecommunications Regulatory Authority and Etisalat threatened to discontinue service to BlackBerry users, claiming that these devices "allow users to act without any legal accountability, causing judicial, social and national security concerns for the UAE", apparently on account of Research In Motion’s refusal to offer surveillance back doors in its encryption services [3].

These events clearly demonstrate that Etisalat and the UAE regulatory environment within which it operates are institutionally hostile to the existence and use of secure cryptosystems. It is therefore of great concern to us that Etisalat is in possession of a trusted SSL CA certificate and the accompanying private key, which effectively functions as a master key for the encrypted portion of the World Wide Web. Etisalat could use this key to issue itself valid HTTPS certificates for verizon.com, eff.org, google.com, microsoft.com, or indeed any other website. Etisalat could use those certificates to conduct virtually undetectable surveillance and attacks against those sites. Etisalat’s keys could also possibly be used to obtain access to some corporate VPNs.

We believe this situation constitutes an unacceptable security risk to the Internet in general and especially to foreigners who use Etisalat’s data services when they travel.

We do not know whether Etisalat is willing to use its SSL CA keys for surveillance; however, the malicious code that Etisalat distributed last year had been signed by cryptographic keys that gave it access to various security-sensitive parts of the BlackBerry’s API [4][5], indicating a willingness on Etisalat’s part to use other keys for the wholesale subversion of security measures intended to protect users’ privacy.

Because Microsoft, Mozilla, and other browser vendors have chosen to delegate certificate issuing authority to Verizon/Cybertrust, and because Cybertrust in turn chose to delegate this authority to Etisalat, Verizon is now the only party in a position to mitigate this risk to Internet security in a manner that is prompt and minimizes side-effects. We therefore request that Verizon reevalute whether Etisalat is a trustworthy Certificate Authority, and determine whether may be appropriate to issue a new CRL revoking Etisalat’s CA certificate.

We’re real curious as to why this status has not been divulged.  The FCC and possibly other agencies ought to demand an audit of all the certificates and authenticate or replace existing certificates to insure they are not compromised.  The cost to replace certificates is minimal compared to the risks.  Anyone have any ideas, let us know.  There will be prizes.

Related posts:

1. Why The Hype Around Extended Validation (EV) SSL Certificates?
2. FCC Lightfoot Two Steps To Public Pressure On Transparency Failure
3. EV SSL: Why It Works To Increase Online Transactions

The topic is Net Neutrality (NN), and how it will affect access to the Internet; and who gets to decide what the public and business world ought to expect from leadership.  Each week we try to focus on one of the angles to this story and hopefully provide the IT community with a baseline from which they can decide how their interests are represented.  Opinions are like tastes, though here, we encourage you to argue over them.

Jeff Chester, CDD Founder and Executive Director

The continuity of democracy and access to bandwidth are inextricably linked forever.  Never have the stakes been higher; never have there been more challenges.  Having said that, there is little faith that Obama and his promises are even still being acknowledged.  It is also clear, that his adversaries – the Republicans – have even the vaguest idea of what the problems are or are interested in protecting all the players.  They all seem, frankly, only interested in preserving the status quo, which is sure to leave the future cloudy at best.

Here is a clip from the Bill Moyer’s show shot back in 2007 on this topic:

“With the explosive growth of the Internet and broadband communications, we now have the potential for a truly democratic media system offering a wide variety of independent sources of news, information, and culture, with control over content in the hands of the many rather than a few select media giants.  But the country’s powerful communications companies have other plans. Assisted by a host of hired political operatives and pro-business policy makers, the big cable, TV, and Internet providers are using their political clout to gain ever greater control over the Internet and other digital communication channels. Instead of a “global information commons,” we’re facing an electronic media system designed principally to sell to rather than serve the public, dominated by commercial forces armed with aggressive digital marketing, interactive advertising, and personal data collection.”

Big media hasn’t changed its stripes and is unlikely to any time soon unless they are forced to and it doesn’t seem like anyone inside the beltway has the spine to stand up to anyone, no less these special interests which, thanks to the public trough, have all the money in the world to buy politicians, including the likes of Genachowski, Obama’s talking fool.

Having said that, here is a note from a post over on Huffington Post today:

“Four Democratic members of the House Energy and Commerce Committee penned a letter to Federal Communications Commission Chairman Julius Genachowski Tuesday asking the FCC "to ensure the maintenance of an open Internet" by rejecting a recent deal by Google and Verizon that could lead to tiered pricing for internet service.

"The recent proposal by Google and Verizon of an industry-centered net neutrality policy framework reinforces the need for resolution of the current open proceedings at the commission to ensure the maintenance of an open Internet," wrote Reps. Ed Markey of Massachusetts, Anna Eshoo of California, Jay Inslee of Washington and Mike Doyle of Pennsylvania.

Last week, Google and Verizon announced a deal that could set the stage for internet service that’s "separate but equal," according to critics. While the plan prohibits internet service providers from discriminating in how they treat content traveling over wireline networks, Google and Verizon’s agreement would allow wireless carriers to throttle users’ internet traffic as long as they are transparent about it.

The representatives argued that any sort of paid prioritization of internet traffic is contrary to the "fundamental non-discrimination principles that have made the Internet the most successful communications and commercial medium in history."

"The public interest," the Democrats argued, "is served by a free and open Internet that continues to be an indispensable platform for innovation, investment, entrepreneurship, and free speech."

They called for a plan that would ensure an "efficient marketplace" where "businesses and consumers — not carriers — decide the winners and losers in the Internet ecosystem."

The representatives also showed support for a recently abandoned FCC proposal that sought to regulate broadband service. A Supreme Court ruling earlier this year derailed the effort.”

Jeff Chester’s been working on public issues with the Internet and the workers involved to essentially,

• Developing the campaign for an open broadband Internet
• Helping educate the public about the plans of the phone and cable companies to operate a more tightly-controlled broadband system
• Leading efforts at the Federal Trade Commission to promote new policies governing online privacy and responsible interactive marketing practices

Here is a copy of the letter:

“The Honorable Julius Genachowski Chairman Federal Communications Commission 445 12th Street Washington, DC 20554

Dear Chairman Genachowski:

The deployment of broadband service is a national imperative — as important to our nation’s economic success, growth and competitiveness as the postal roads, canals, rail lines, and interstate highways of the past.

Following the D.C. Circuit Court’s Comcast decision earlier this year, the Commission’s regulatory authority with respect to this vital engine of our economy was upended. Accordingly, the initiation in May of a proceeding on Commission authority was an appropriate and tailored response to the Court’s Comcast ruling. Reclassification and clear FCC oversight as contemplated by your "Third Way" proposal is critically important for bringing the benefits of broadband to all Americans and achieving the goals set forth in the landmark National Broadband Plan, including advancement of consumer welfare, energy independence and efficiency, job creation and other national priorities.

The recent proposal by Google and Verizon of an industry-centered net neutrality policy framework reinforces the need for resolution of the current open proceedings at the Commission to ensure the maintenance of an open Internet. Rather than expansion upon a proposal by two large communications companies with a vested financial interest in the outcome, formal FCC action is needed. The public interest is served by a free and open Internet that continues to be an indispensable platform for innovation, investment, entrepreneurship, and free speech.

As the Commission’s broadband proceeding moves forward, we believe that the Commission should be guided by the following fundamental principles:

The FCC must have oversight authority for broadband access services.

The United States has fallen behind other nations in terms of broadband deployment and adoption because of the failure to properly plan for its development and support its use; however, the National Broadband Plan represents a monumental step towards increasing deployment and adoption and unleashing the power of high speed access to create jobs, improve health care delivery, upgrade public safety tools and expand educational opportunities. Without the proper authority to implement all facets of the Plan, we will not fulfill its full promise or achieve its goals. Classification of broadband access service under Title II, combined with the Commission’s forbearance authority, would provide the necessary certainty for broadband network operators, broadband users, and Internet innovators alike.

Paid prioritization would close the open Internet.

Paid prioritization is contrary to the fundamental non-discrimination principles that have made the Internet the most successful communications and commercial medium in history. Such arrangements would favor certain content providers to the detriment of other content creators, degrading the traffic of providers unable or unwilling to pay. These types of arrangements, whether they are called paid prioritization or fast lanes harm the Internet. A commonsense non-discrimination requirement without loopholes is essential for an efficient marketplace where businesses and consumers — not carriers — decide the winners and losers in the Internet ecosystem. We strongly encourage you to reject any policy proposals that would permit paid prioritization of delivery of Internet content.

Wired and wireless services should have a common regulatory framework and rules.

Exclusion of wireless services from open Internet requirements could widen the digital divide by establishing a substandard, less open experience for traditionally underserved regions and demographic groups that may more often need to access or choose to access the Internet on a mobile device. Moreover, such inconsistent principles could confuse consumers, who would have different and uneven experiences depending solely on the connection that their mobile devices might use to reach the Internet. An Internet framework excluding wireless from important consumer safeguards could impede attainment of national broadband goals, while lessening the potential for wireless platforms to serve unserved and underserved areas.

Broad "managed services" exceptions would swallow open Internet rules.

An overbroad definition of the proposed "managed services" category would sap the vitality and stunt the growth of the Internet. In fact, an overly broad interpretation of managed services would create an exception that swallows the rule. For example, managed services might be rebranded or repackaged services and applications — only with priority treatment not available to competitors. By undermining competition and the value of the open Internet, managed services could have significantly negative consequences for consumers and commercial enterprises.

In sum, we believe that any rules that result from the Commission’s proceedings should focus on adherence to the public interest, discourage attempts to strangle the free-flow of lawful content, applications and services for American consumers and provide certainty both for entrepreneurs and Internet users. The time for FCC action is now. We look forward to continuing to work with you and other members of the Commission to ensure that the Commission’s Open Internet proceeding moves forward to protect the public interest.

Thank you for your consideration.

Sincerely,

Rep. Jay Inslee
Rep. Ed Markey
Rep. Anna Eshoo
Rep. Mike Doyle

	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
		White Paper: Scale-out NAS Unifies the Technical Enterprise
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Jobs continue to go unfilled and companies continue to lose ground to overseas companies who have their government on the right side. The right side being, naturally, the free, open and unabridged Internet, something that may be going extinct here in the states. We are losing ground at every turn and it starts with the failure to educate our kids and the bias against entrepreneurs and small business which are the backbone of our economy. Those who are railing against immigrants may think this government understands how to solve it, but they’d be wrong. Unless business gets their voices heard, the next time you’re looking for a savvy, educated and hard-working Internet professional, you will have to search off shore. We are simply not producing them.

Let us know what you would like to see covered and what’s missing in this thread.  There are more loose threads than in my Granny’s old quilt so bare with us and help us out if you can.

Related posts:

1. How Broadband Helps Smart Grid according to FCC
2. Bandwidth Gatekeeper’s Jockey For Position
3. FCC Update To Challenge The Big Pipes

Screenshot 1

The beginning of this year saw mass Web hosting compromises across numerous hosting providers; thousands of websites were compromised via vulnerabilities in shared hosting providers and as a result, were serving malware. We thought eventually everything would be cleaned up and everyone’s operations would be back to normal–but it seems that didn’t happen… yet.

Recently a lot of our HackAlert customers are still flagged (by HackAlert) to be serving malware. We noticed a particular group of them today–those that have installed the "Small Business Success Index" widget by Network Solutions. There are two ways one can install the widget into one’s website or blog–via the one-click installation script offered by Widgetbox (as seen in Screenshot 1 above), or by directly visiting Network Solution’s growsmartbusiness.com (Screenshot 2 below).

Screenshot 2

We quickly registered a Google Blogger account and verified that whoever installed this widget, will be serving malware as of now. Although Widgetbox is only one website providing an installation script for this widget, this site alone has recorded 5,371 installations (yes that "1" is us) already (see Screenshot 1 above). This means more than five thousand sites may be affected.

Here are the steps we went through in our verification process. We first went to Widgetbox and clicked on the "Install Widget" button as seen in Screenshot 1. A popup showed us the javascript to embed, as well as one-click-install buttons for Facebook, Blogger, Twitter, iGoogle, WordPress, LinkedIn, my Yearbook, etc. Yikes:

Screenshot 3

We clicked on "Blogger" and it worked–our armorizetest blog now has the widget installed:

Screenshot 4

Clicking on "Edit" shows the widget’s javascript code–it’s loading the javascript from cnd.widgetserver.com:

Screenshot 5

Visiting our test blog now shows the widget:

Screenshot 6

And now, our blog is officially serving malware. Scanning this test blog with HackAlert shows that our blog is indeed serving malware now. Here’s the traceback:

1. in http://armorizetest.blogspot.com,

2. http://cdn.widgetserver.com/syndication/subscriber/InsertWidget.js,

3. http://cdn.widgetserver.com/syndication/subscriber/Main.js?39866, code omitted

4. http://markup.widgetserver.com/syndication/get_widget.html?widget.appId=68804a4e-6a5a-444c-b0d7-efdced64bee1&widget.regId=390f0daf-4998-474c-b207-a6398f278681&widget.friendlyId=small-business-success-index&widget.name=Small%20Business%20Success%20Index&widget.token=0ed26d5a93c23a4c798d563608b7265d07481df40000012a67400851&widget.sid=2bf65a16514f760acc18c69a3420ad34&widget.vid=2bf65a16514f760acc18c69a3420ad34&widget.id=0&widget.location=http%3A%2F%2Farmorizetest.blogspot.com%2F&widget.timestamp=1281647662457&widget.serviceLevel=0&widget.provServiceLevel=1&widget.instServiceLevel=0&widget.width=160&widget.height=300&widget.wrapper=JAVASCRIPT&widget.isAdFriendly=false&widget.isAdEnabled=false&widget.adChannels=&widget.adPlacement=&widget.ua=mozilla%2F4.0%20%28compatible%3B%20msie%206.0%3B%20windows%20nt%205.1%3B%20sv1%29&widget.output=htmlcontent

5. http://growsmartbusiness.com/widgets/widget.php,

6. http://96.30.16.216:8037/exemple.com/, malicious code

7. http://96.30.16.216:8037/exemple.com/error.js.php, malicious code

8. http://208.86.153.68:8067/exemple.com/load.php?spl=mdac, malicious code

9. http://96.30.16.216:8037/exemple.com/?spl=2&br=MSIE&vers=6.0&s=, malicious code

10. http://96.30.16.216:8037/exemple.com/error.js.php, malicious code

11. http://96.30.16.216:8037/exemple.com/992.jar

12. http://96.30.16.216:8037/exemple.com/cbe.jar

	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
		Disaster Recovery Planning with Virtualization
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Conclusion: what a quick way to make your blog, website, facebook, linkedin, all serving malware.

Googling a bit, we verified that the domain growsmallbusiness.com was definitely compromised and injected with a r57shell (webshell), which allowed the attacker easy manipulation of the site. Check

this link

.

In part 2, we’ll detail the actual malware behavior.

Note:

We received some questions so we’ll answer here. If you are trying to analyze this malware, note that it’s quite mean and implements the following behavior:

1. Serves to each IP only once

2. Blocks well-known drive-by download analysis services such as Wepawet and jsunpack. These won’t be able to help you in this case–see

Wepawet

results and

jsunpack

results.

Related posts:

1. YouTube Comments Loaded With Malware Links
2. Kaspersky Labs Discovers Malware On Brand New Netbook
3. The Top 10 Malware Sites As Indexed By Google

Now that Oracle has Sun’s hardware, Solaris operating system, virtualization engine, and other components, they can provide well-integrated solutions for data centers, as this slide shows:

The plan is to increase server and storage performance by several times and even tens of times more in a few years.

 Server Performance Increase

 Storage Performance Increase

 In addition to Solaris, they have Red Hat–compatible Oracle Enterprise Linux (OEL) and support. Their virtualization is implemented through Oracle’s version of Xen software, Oracle VM. On top of Xen, Oracle added management and other software to make it a comprehensive offering for virtualization. The features of Virtual Iron, which Oracle acquired some time ago, are being integrated into Oracle VM. Both Oracle VM and Virtual Iron are based on Xen, so the integration should not be too hard.

 A presentation on cloud computing was a good tutorial. Many of Oracle’s customers are enterprises, which tend to use VMware’s virtualization solution. Oracle provides a feature to translate VMware VM file formats to theirs. Currently, private or on-premise clouds are implemented mostly with VMware, and public clouds (AWS and Rackspace) are implemented with Xen. Eucalyptus’s enterprise version has a feature that is the reverse of what Oracle VM does. It can translate VMs by VMware on-premise to AWS file formats to allow them to be transported to AWS public cloud (known as CloudBurst).

 Oracle view on Enterprise Evolution to Cloud

 Since Oracle now owns microprocessors, server and storage hardware, operating systems, virtualization engines, databases, and applications, they can fine-tune the entire system to make it very efficient and execute very fast. Although Oracle is still small compared with IBM in terms of revenue (Oracle $27B vs. IBM $96B), Oracle is now in a position to compete with IBM.

	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
		Oracle, Lustre and Open Source Going, Going, Gone
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 The seminar was well run and presented very useful information. If there was one thing I did not like about it, it was the lack of discussion of energy efficiency. Energy efficiency and green IT initiatives were mentioned several times during the day, but they were not discussed in detail. I asked one of the speakers to share some energy efficiency data with me. If and when I get it, I will publish it here.

Related posts:

1. More Energy Efficiency by IT at Data Centers, Panel Disucssion Proposal
2. Energy Star for Software?
3. Coverage Analysis: Oracle Acquisition Is Not A Slam Dunk

 If the AC power entering the data center is converted only once to DC power and distributed to IT equipment that takes DC as input, there would be no conversion loss. Unfortunately, a few years ago, Green Grid put out a white paper comparing the power distribution of DC and AC and concluding that there were very few differences between the two configurations. After reading it, I moved my focus away from power distribution. Now I am back on this subject because some friends who started a company in that area and Keizo Hoshijima of NTT Facilities pitched me the merits of DC distribution recently.

 I cannot forget another DC power distribution advocate, Dennis Symanski of EPRI. I met Dennis when he was a panelist in my Nordic Green panel session.

 Dennis Symanski

 At the conference, he gave a presentation on DC power distribution. Cooling is known to consume about 30–60% of power in a data center, but we seem to be getting a handle on that. Once cooling and other culprits are under control, then we can pay attention to power distribution to further cut power consumption.

 Recently, I had a chance to visit Dennis at EPRI to chat about the current status of DC power distribution at data centers. The following is an edited summary of our conversation.

Q: What do you do at EPRI, and what is your background?

A: My focus is to make any computer equipment energy efficient (EE). Prior to coming to EPRI, I spent 18 years at Sun working on international standards and regulations. EPRI is funded by utilities but is an independent nonprofit research organization. It strives to "do good for society,” and it is quite refreshing for me when I do not have to pay attention to revenues and stock prices.

	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
		Energy Impact of Increased Server Inlet Temperature
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Q: So what’s new in the DC power distribution area?

A: In 2006, we conducted a set of experiments on the use of DC power distribution at Sun (currently Oracle), along with LBNL, Ecos Consulting, and other vendors. Our conclusion was that DC power distribution increases data center EE and reliability. Since the experimentation, we formed an organization called DC Power Partners to further our efforts. The members include LBNL, EPRI, EMC, IBM, HP, Oracle (former Sun side), Intel, and even APC. (ZK; APC had a different opinion of DC power distribution before.) We have a once-a-month teleconference to discuss new technologies and installations to share information. In addition to the U.S. companies, some European and Japanese companies call in.

Q: You only cover technology aspects at your DC Power Partners?

A: EMerge Alliance works on DC lighting, led by Armstrong Ceiling for 24 VDC. DC Power Partners is joining the alliance. They can take care of sales and marketing, trade shows, and web promotion.

Q: Are there any major changes in the DC power distribution area?

A: There are no drastic changes. We are currently working to make sure the components that comprise DC power distribution comply with UL and/or FCC regulations. For example, connectors that are used for DC power distribution.

Q: I have no issue with the technology. What about the market? Which region of the world is more receptive to this technology?

A: In general, the telecom industry is keen on picking this up. Companies like AT&T, Verizon, and NTT. In Europe, the European Telecommunications Standards Institute (ETSI) has prepared a specification for 380 VDC. There is at least one CO in each city and dozens in large cities, so there are 10’s of thousands of COs in the U.S.

Q: But IT-centric data centers and COs are different, and the IT data centers may not be so enthusiastic about DC power distribution.

A: They used to be quite different, but, these days, they are becoming increasingly similar as they share the same kind of IT equipment. Look at AT&T, which needs to process IP traffic coming from iPhones and iPads.

Q: A couple of years ago, I read a white paper from Green Grid (GG) that said there were few differences between AC and DC power distribution. What is your take on that?

A: GG members do not include any direct current facilities equipment suppliers. Several of the GG IT equipment suppliers are researching direct current power supplies for their equipment.

Q: What do server vendors need to do to support DC power distribution?

A: All they have to do is to swap the AC power supply with the DC one. The direct current power supplies have a smaller component count, are more efficient and as a result, research demos may show them to be more reliable. It is not hard to create a data center solely with DC power distribution. IBM created such a data center at Syracuse University.

Q: Is there any data center with a solely DC power distribution system in the San Francisco Bay area?

A: Several are going in parallel. But one in the Bay Area will be announced in November.

Q: Right now, generated power is carried via the AC transmission system. If DC power enters a data center, we do not need to convert power at all. Can you transmit power via DC?

A: In the days of Edison vs. Westinghouse, we could not transmit DC power at 5,000 V or higher. These days the high DC voltage is transmitted over a long distance. A hydropower plant in northern Quebec transmits generated DC power to New England over several hundred miles, in addition to much-closer Toronto and Montreal. (ZK: High-voltage direct current is a technology for transmitting high voltage DC over thousands of miles)

Q: Is there anything else I should know about what EPRI is doing in the DC area?

A: We talked about the power supply for IT equipment. Those power supplies were very inefficient. The conversion rate was only 65% on the average. 80 Plus is an organization that promotes increasing the conversion rate to at least 80%. EPA adopted their specification, and EPRI is running a test lab for 80 Plus.

I got very useful information talking with Dennis. EPRI covers a large area of energy and its efficiency. I have not heard much about DC power distribution recently, but that does not mean efforts on its behalf were terminated. On the contrary, they are going very strong, including DC for home and power transmission. I will report on this subject from time to time in this blog.

Related posts:

1. Sentilla: Measuring Power Consumption At A Data Center
2. How to Move a Data Center in 35 Days – Week 3: The Power Balancing Act
3. Data Center Energy Efficiency at Nordic Green II